Bug 469317 - Review request: lynis - Security and system auditing tool
Review request: lynis - Security and system auditing tool
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Lucian Langa
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-31 05:25 EDT by Rakesh Pandit
Modified: 2014-02-07 07:37 EST (History)
4 users (show)

See Also:
Fixed In Version: lynis-1.3.7-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-08 00:18:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
cooly: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Rakesh Pandit 2008-10-31 05:25:51 EDT
Description:
Lynis is a security and system auditing tool. It scans a system on the
most interesting parts useful for audits, like:
     - Security enhancements
     - Logging and auditing options
     - Banner identification
     - Software availability

SRPM: http://rakesh.fedorapeople.org/srpm/lynis-1.2.1-1.fc10.src.rpm
SPEC: http://rakesh.fedorapeople.org/spec/lynis.spec
Comment 1 Lucian Langa 2008-11-07 01:29:17 EST
Please fix this using macros instead of hard coded path.

mkdir -p $RPM_BUILD_ROOT/etc/lynis
# profile
install -m 644 -p default.prf $RPM_BUILD_ROOT/etc/lynis
Comment 3 Lucian Langa 2008-11-07 03:20:32 EST
There are a few issues:

%{_datadir}/%{name}/include/*
%{_datadir}/%{name}/plugins/*
%{_datadir}/%{name}/db/*

will result in unowned directories.

Suggestion: simply drop those and modify:
 %dir %{_datadir}/%{name} -> %{_datadir}/%{name}


lynis.noarch: W: non-conffile-in-etc /etc/lynis/default.prf

Also you have to decide if you should mark this file noreplace.
https://fedoraproject.org/wiki/Packaging/Guidelines#Configuration_files
.. if so, header needs to be adapted.
Note: Not seeing any differences in previous release.
Comment 5 Rakesh Pandit 2008-11-07 03:59:58 EST
lynis.noarch: W: non-conffile-in-etc /etc/lynis/default.prf

I will keep default.prf in /etc, as it a conf file.
Comment 6 Lucian Langa 2008-11-07 05:11:12 EST
Thank you.

Review:

OK  source files match upstream :
    4f8db3c524c1014db5842ca2dbd575aa  lynis-1.2.1.tar.gz
OK  package meets naming and versioning guidelines.
OK  specfile is properly named, is cleanly written and uses macros consistently.
OK  summary is OK.
OK  description is OK.
OK  dist tag is present.
OK  build root
OK  license field matches the actual license.
OK  license is open source-compatible. 
OK  license text included in package.
N/A BuildRequires are proper.
N/A compiler flags are appropriate.
OK  %clean is present.
OK  package builds in mock (rawhide, x86_64).
OK  package installs properly.
N/A debuginfo package looks complete.
OK  rpmlint is silent.
OK  final provides and requires are sane:
        config(lynis) = 1.2.1-2.fc10
        lynis = 1.2.1-2.fc10
        =
        /bin/sh
        config(lynis) = 1.2.1-2.fc10
        rpmlib(CompressedFileNames) <= 3.0.4-1
        rpmlib(PayloadFilesHavePrefix) <= 4.0-1
N/A  no shared libraries are added to the regular linker search paths.
OK  owns the directories it creates.
OK  doesn't own any directories it shouldn't.
OK  no duplicates in %files.
OK  file permissions are appropriate.
OK  no scriptlets present.
OK  code, not content.
OK  documentation is small, so no -doc subpackage is necessary.
OK  no headers.
OK  no pkgconfig files.
OK  no static libraries.
OK  no libtool .la files.
N/A not GUI application.

Suggestion:
Please consider doing something about header of /etc/lynis/default.prf as it might seem confusing

#
# Do NOT change this file, as it will be overwritten while upgrading. Instead
# make a copy of this file and adjust it.
#

I think is should be changed upstream.

APPROVED.
Comment 7 Rakesh Pandit 2008-11-07 07:22:07 EST
Thanks - I will check with upstream also.

New Package CVS Request
=======================
Package Name: lynis
Short Description: Security and system auditing tool
Owners: rakesh
Branches: F-8 F-9 F-10
InitialCC:
Cvsextras Commits: yes
Comment 8 Kevin Fenzi 2008-11-07 16:27:12 EST
cvs done.
Comment 9 Fedora Update System 2008-11-07 23:59:36 EST
lynis-1.2.1-3.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/lynis-1.2.1-3.fc8
Comment 10 Fedora Update System 2008-11-08 00:00:51 EST
lynis-1.2.1-3.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/lynis-1.2.1-3.fc9
Comment 11 Fedora Update System 2008-11-08 00:01:17 EST
lynis-1.2.1-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/lynis-1.2.1-3.fc10
Comment 12 Fedora Update System 2008-12-11 03:01:27 EST
lynis-1.2.1-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-12-11 03:04:30 EST
lynis-1.2.1-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Christopher Meng 2013-11-26 02:46:29 EST
Package Change Request
======================
Package Name: lynis
New Branches: el6
Owners: bar cicku
Comment 15 Jon Ciesla 2013-11-26 08:53:21 EST
Git done (by process-git-requests).
Comment 16 Fedora Update System 2013-11-26 09:10:54 EST
lynis-1.3.5-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/lynis-1.3.5-1.el6
Comment 17 Fedora Update System 2013-12-04 05:30:28 EST
lynis-1.3.6-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/lynis-1.3.6-1.el6
Comment 18 Fedora Update System 2013-12-04 05:30:45 EST
lynis-1.3.6-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lynis-1.3.6-1.fc19
Comment 19 Fedora Update System 2013-12-04 05:30:57 EST
lynis-1.3.6-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/lynis-1.3.6-1.fc18
Comment 20 Fedora Update System 2013-12-04 05:31:08 EST
lynis-1.3.6-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/lynis-1.3.6-1.fc20
Comment 21 Fedora Update System 2013-12-07 01:53:52 EST
lynis-1.3.6-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2013-12-08 21:02:03 EST
lynis-1.3.6-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2013-12-11 00:59:10 EST
lynis-1.3.7-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/lynis-1.3.7-1.fc20
Comment 24 Fedora Update System 2013-12-11 00:59:32 EST
lynis-1.3.7-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/lynis-1.3.7-1.fc19
Comment 25 Fedora Update System 2013-12-11 00:59:48 EST
lynis-1.3.7-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/lynis-1.3.7-1.el6
Comment 26 Fedora Update System 2013-12-11 21:58:08 EST
lynis-1.3.7-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2013-12-19 20:54:14 EST
lynis-1.3.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Fedora Update System 2013-12-27 17:15:41 EST
lynis-1.3.7-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 29 Christopher Meng 2014-02-07 01:31:58 EST
Package Change Request
======================
Package Name: lynis
New Branches: epel7
Owners: cicku
Comment 30 Jon Ciesla 2014-02-07 07:37:11 EST
Git done (by process-git-requests).

Note You need to log in before you can comment on or make changes to this bug.